Playbook: Risk Notable Preprocess

Description

This playbook prepares a risk notable for investigation by performing the following tasks:

  1. Ensures that a risk notable links back to the original notable event with a card pinned to the HUD.

  2. Posts a link to this container in the comment field of Splunk ES.

  3. Updates the container name, description, and severity to reflect the data in the notable artifact.

Apps

Splunk

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Required fields

  • event_id

  • info_min_time

  • info_max_time

Reference

source | version: 1